Privacy Policy
AdvDesk takes your privacy seriously. This policy explains exactly what we collect, why we collect it, how long we keep it, and what rights you have. We try to keep this document short and human; legal-speak is kept where it has to be, but we want you to actually read it.
Introduction
This Privacy Policy applies to the AdvDesk service operated at
advdesk.advcode.net, including the AdvDesk client software,
the web viewer, the public relay, and the dashboard. It describes how we
handle personal data of people who sign up, use the service, or otherwise
interact with us. It is written to comply with the EU General Data
Protection Regulation (GDPR), the Egyptian Personal Data Protection Law
(PDPL, Law No. 151 of 2020), and similar privacy regimes.
Who we are
AdvDesk is operated by ADV, a software company based in Cairo, Egypt. ADV is the data controller for personal data collected through this service. You can reach us at hello@advcode.net for general questions, or at privacy@advcode.net for privacy-specific requests (data access, deletion, portability, etc.).
What we collect
We collect only what we need to run the service. Specifically:
- Account data. Your email address and a bcrypt hash of your password (cost factor 12). If you sign in with Google SSO, we receive your email and Google account ID — never your Google password.
- Profile data. Optional display name, language and theme preference, and 2FA configuration if you enable it.
- Usage data. Session start and end timestamps, the AdvDesk peer ID(s) involved, and total bytes transferred per session. This is used to enforce plan limits and show your usage in the dashboard.
- Technical data. Source IP address (used for rate-limiting, abuse prevention, and security logs) and User-Agent string (for browser-compatibility heuristics in the web viewer).
- Payment data. If you purchase a paid plan, billing and card details are collected and processed by Stripe. We never see or store your full card number — Stripe gives us a customer ID and the last four digits of the card for display purposes.
- Support data. If you email us, we keep that correspondence so we can follow up.
What we don't collect
AdvDesk is end-to-end relayed: your screen contents, keystrokes, mouse movement, file transfers, and clipboard contents pass through our relay as opaque encrypted bytes. We do not:
- Record screen contents on our servers. (Optional session recording, when enabled in Pro/Team, is generated on the host and saved client-side — not sent to us.)
- Inspect, log, or store keystrokes or clipboard data.
- Inspect file-transfer content. We see only metadata: byte counts.
- Sell, rent, or share your data with advertisers. We don't run ads.
- Use third-party tracking, analytics, or fingerprinting libraries.
How we use your data
We process the data described above for these purposes:
- Service delivery — authenticating you, routing your sessions through the relay, enforcing plan limits, and showing your usage in the dashboard.
- Billing — charging your subscription via Stripe, sending receipts, and handling refunds.
- Security and fraud prevention — rate-limiting, blocking abuse, detecting compromised accounts.
- Service communications — password resets, security alerts, plan changes, and important policy updates. We don't send marketing email unless you opt in.
- Legal compliance — responding to lawful requests, preventing illegal use of the service.
The legal bases under GDPR Article 6 are: performance of a contract (you signed up and we deliver the service), legitimate interest (security, fraud prevention), legal obligation (tax records, lawful requests), and consent (where applicable, such as marketing opt-ins).
Cookies
We use a small number of first-party cookies. None of them are used for tracking, advertising, or third-party analytics. The full list is in our Cookie Policy.
Third-party processors
We use a short, audited list of sub-processors to run AdvDesk. Each one is bound by a written data-processing agreement.
| Processor | Purpose | Location |
|---|---|---|
| Stripe | Payments, subscription billing | USA / EU (regional) |
| Contabo | Hosting (servers, database) | Frankfurt, Germany |
| Google | Optional Google SSO sign-in | USA / EU |
| Let's Encrypt | TLS certificate issuance | USA |
Data retention
- Active accounts. Account data is kept for as long as your account exists.
- Deleted accounts. When you delete your account, we soft-delete it for 30 days (so you can recover it if you change your mind), then permanently purge personal data from production systems. Backups are encrypted and rotated within 90 days.
- Session logs. Connection metadata (timestamps, byte counts, peer IDs) is kept for 90 days, then automatically deleted.
- Billing records. Invoices and tax records are retained for 7 years to comply with Egyptian and EU accounting law.
- Security logs. Failed-login and rate-limit logs are kept for 30 days.
Your rights
Under GDPR (Articles 15–22) and the Egyptian PDPL, you have the right to:
- Access — ask for a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — ask us to delete your data ("right to be forgotten"). You can also do this directly from /account.
- Portability — receive your data in a machine-readable format (we provide a JSON export at /account/export).
- Restriction — ask us to pause processing while a complaint is being resolved.
- Objection — object to processing based on legitimate interest.
- Not be subject to automated decisions — AdvDesk does not make automated decisions that produce legal or similarly significant effects on you.
- Withdraw consent — for any processing based on consent, at any time.
- Lodge a complaint — with your local supervisory authority (in the EU, that's your national Data Protection Authority).
To exercise any of these rights, email privacy@advcode.net. We respond within 30 days as required by GDPR; in practice we usually reply within a few business days.
International transfers
Our primary infrastructure is hosted with Contabo in Frankfurt, Germany — inside the European Economic Area, which means transfers from EU users are domestic and require no additional safeguards. Some sub-processors (Stripe, Google) may transfer data to the United States; in those cases we rely on the EU Standard Contractual Clauses (SCCs) and applicable adequacy decisions to ensure your data remains protected to GDPR-equivalent standards.
Security
We apply industry-standard technical and organizational measures, including:
- TLS 1.2+ everywhere — both for the dashboard and for the relay WebSocket.
- Passwords hashed with bcrypt at cost factor 12 (never stored in plaintext, never logged).
- Optional two-factor authentication (TOTP, RFC 6238) on every account.
- Encrypted database backups, rotated and stored separately from production.
- Principle of least privilege for staff access; access is logged.
- Automatic security patches on all servers; weekly dependency review.
Despite our best efforts, no system is perfectly secure. If you believe your account has been compromised, please email security@advcode.net immediately.
Children
AdvDesk is not directed at children under 13, and we do not knowingly collect data from anyone under 13. If you are a parent or guardian and believe your child has signed up, please contact us and we will delete the account.
Updates to this policy
We may update this Privacy Policy from time to time. If we make material changes (changes that meaningfully affect your rights or how we use your data), we will notify you by email at the address on file and via an in-app banner at least 30 days before the changes take effect. The effective date at the top of this page always reflects the latest version.
Contact
Questions, concerns, or requests under this policy:
privacy@advcode.net.
General contact: hello@advcode.net.
Mailing address: ADV, Cairo, Egypt.